Text Exploits

31,386 exploits tracked across all sources.

CVE-2012-1784 EXPLOITDB text VERIFIED
myjoblist 0.1.3 - SQL Injection via eid Parameter
SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php.
by Red Security TEAM
CVE-2012-1297 EXPLOITDB text
Contao CMS < 2.11.0 - Cross-Site Request Forgery via User, News, or Newsletter Deletion
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
by Ivano Binetti
CVE-2012-6533 EXPLOITDB text VERIFIED
Symantec PGP Desktop and Encryption Desktop - Local Privilege Escalation via Buffer Overflow in pgpwded.sys
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
by Nikita Tarakanov
CVE-2012-1790 EXPLOITDB text VERIFIED
webgrind 1.0 and 1.0.2 - Path Traversal via File Parameter
Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php.
by LiquidWorm
CVE-2012-2236 EXPLOITDB text
PHP Gift Registry 1.5.5 - Authenticated SQL Injection via UserID Parameter
SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.
by G13
EIP-2026-111029 EXPLOITDB text
phpDenora 1.4.6 - Multiple SQL Injections
by Patrick de Brouwer
EIP-2026-109526 EXPLOITDB text VERIFIED
Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting
by Corrado Liotta
EIP-2026-102012 EXPLOITDB text
Snom IP Phone - Privilege Escalation
by Sense of Security
EIP-2026-119451 EXPLOITDB text VERIFIED
WebcamXP and webcam 7 - Directory Traversal
by Silent_Dream
EIP-2026-116460 EXPLOITDB text VERIFIED
Unity 3D Web Player 3.2.0.61061 - Denial of Service
by Luigi Auriemma
CVE-2012-4928 EXPLOITDB text VERIFIED
Oxwall 1.1.1 - Cross-Site Scripting via Plugin Parameter
Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.
by Ariko-Security
CVE-2012-4927 EXPLOITDB text
Limesurvey <1.91+ Build 120224 - SQL Injection
SQL injection vulnerability in Limesurvey (a.k.a. PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
by TorTukiTu
CVE-2012-1226 EXPLOITDB text VERIFIED
Dolibarr CMS 3.2.0 Alpha - Path Traversal & Arbitrary File Read via Document.php or Backtopage Parameter
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
by Benjamin Kunz Mejri
CVE-2012-1415 EXPLOITDB text
DFLabs PTK < 1.0.5 - Cross-Site Request Forgery in Logout Function
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
by Ivano Binetti
CVE-2012-1224 EXPLOITDB text VERIFIED
ContentLion Alpha 1.3 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Stefan Schurtz
CVE-2012-1001 EXPLOITDB MEDIUM text VERIFIED
Chyrp < 2.1.2 - Cross-Site Scripting via Content or Body Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
by High-Tech Bridge SA
CVSS 6.1
EIP-2026-105620 EXPLOITDB text
Brim < 2.0.0 - SQL Injection
by ifnull
CVE-2012-5320 EXPLOITDB text
Sagem F@ST 2604 - Cross-Site Request Forgery via sysPassword Parameter
Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
by KinG Of PiraTeS
CVE-2012-1309 EXPLOITDB text
D-Link DSL-2640B ADSL Router - Authentication Bypass
by Ivano Binetti
CVE-2012-1304 EXPLOITDB text
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
by Ivano Binetti
CVE-2012-1305 EXPLOITDB text
Fork CMS 3.2.5 - Multiple Vulnerabilities
by Ivano Binetti
CVE-2012-1208 EXPLOITDB text
Fork CMS 3.2.4 - Cross-Site Scripting via Report or Error Parameter
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
by Ivano Binetti
CVE-2012-0873 EXPLOITDB text VERIFIED
Boonex Dolphin < 7.0.8 - Cross-Site Scripting via Explanation or ViewFriends Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
by Aung Khant